Electronic information exchange methods are a standard means for the transfer of information. Electronic transfer methods, such as Electronic Data Interchange (EDI), computer readable media, e-mail, World Wide Web (WWW), File Transfer Protocol (FTP), Internet Relay Chat (IRC), and the like, may be accessed in a variety of methods and means, including wired as well as wireless access. The transfer of information electronically creates the potential for unauthorized eavesdropping or unauthorized access on the exchange. To protect information and prevent unauthorized access and use of information, most providers employ security procedures for authentication and/or authorization. Security procedures may be in the form of a sign-on protocol that requires a user name and password or other digital security object prior to the exchange of information. Information protected by authentication and authorization protocols may further include encryption to deter unauthorized access and use and provide for the secure communication of information.
The present invention relates to an enterprise business integration engine having secure access adapted preferably to uses in the financial industry in areas such as relationship management, merger and acquisition integration, operational risk management and performance management. The invention overcomes problems in the prior art associated with market change, competition, consumer preferences, regulatory changes and disjointed information architecture in legacy systems.
The financial industry offers a broad range of electronic applications for financial services over a broad range of networks, channels and devices. Corporate entities use electronic transfer mechanisms for cash management, funds transfers, and balance reporting over multiple company accounts; personal users perform electronic financial inquiries and transfers such as banking on the Internet, ATM use, smart card transaction, electronic fund transfers (EFTs), and the like. Obviously, the need for security in the transfer of financial information is paramount.
To maintain security and data integrity, providers of financial information and exchanges have devised authentication and/or authorization protocols in environments solely for that provider's system or for a limited group of providers or services. Each protocol independently determines who the user is and/or whether a user may use a particular service, which objects among the range of channels and exchange services the user is allowed to access. No prior system offers users within that system a comprehensive solution to access and exchange secure information to and from disparate and/or unrelated sources.
Security in the exchange of financial information also impedes interaction between legacy and new systems. In order to insure the secure delivery of services, providers of financial information and exchange services require users to complete new identification information so that a user must use separate access protocols in order to use a new version of a given existing application.
The multitude of incompatible authentication and authorization protocols mandates that consumers of electronic financial services perform numerous sign-on procedures. Each authentication and/or authorization procedure service requires the retention of separate passwords or other digital security objects. As a result, the electronic exchange of financial information requires authorization and/or authentication to multiple security systems producing incompatibilities and delays in financial exchanges between and among institutions, merchants, and their customers and clients.
Security protocols also include varying levels of access and authorization for a user of electronic financial information and exchanges. Existing systems are not integrated, and actually work to prevent integration of access and authorization across systems by employing credentialing or identification mechanisms that are specific only to that system. The specific mechanisms require protocols that reflect various system-specific policy rules and activities that may not be compatible with other systems or technologies.
In the prior art, a lack of enterprise application architecture scatters data and business logic. For example, data files relating to relationship (customer to . . . household, organizations, other customers, etc.), demographics (income, marriage status, address(s), geo codes, preferences, etc.), accounts (product types, rates, balances, status, etc.), transactions (amount, time, location, volume, etc.), behavior (contacts, requests, issues, campaign, events/triggers, etc.), history (financial and nonfinancial trends), and analysis (profitability, best offers, risk factors, etc.) are often scattered and inaccessible from one legacy system to another.
Complicated and expensive connectivity systems have been proposed to resolve these issues; however, prior solutions have a negative impact on key business initiatives such as relationship management, merger and acquisition integration, performance management, and operational risk management. Prior art deployment stratagems for an information integration hub have been elusive. To build is expensive and risky, involving projected costs of $50 Million to $75 Million and a projected timeframe of from 24 to 36 months before value is achieved. High risk and high cost are associated with lack of experience and resource constraints and existing channel software or middleware may present a high risk to stretch a product past design. Namely there are too many pieces to try to put together. Hence, the scope and risk of an integration project has hindered attempts at solving the data integration problem in the financial industry and there are numerous universal adapters for core systems and delivery channels which have proven unsatisfactory.
Channels perform authentication either at the channel (using a trusted connection to other systems) or use an external or host-based (untrusted connection to the device or system that is providing authentication, and/or authorization) security. The disparity of trusted or untrusted systems among channels, devices, and services severely limits a uniform system for secure transactions. As an example, an ATM usually uses a trusted security pathway, in that ATM's compare a user's credentials to information stored on the ATM's system.
If systems are to be integrated, trusted and untrusted channels have a need to proxy security to another entity. This may be required when credentials are presented and must be checked prior to allowing a user to access information across disparate systems. Channels may also provide a reference to a session or activity context that can be tied to the credential(s) presented by a device, system, person or channel. In order for a channel to perform exchanges between individual services, such as a web banking application that includes ATM access and a smart card, the individual authorization and authentication protocols for each of those services require a user to submit multiple user IDs and passwords in order to perform inquiries and transfers among and between services and/or systems.
A need exists for a system that integrates authentication and/or authorization protocols and various encryption schemes required for independent services that determines a device, person, channel or system's relationship to a given service, the objects among the channels and exchange options allowed, and the level of access allowed for each device, person, channel, system, service, and exchange. An integrated security solution that provides a flexible service is desirable to save time and resources. No existing system in the prior art adapts easily for use with all services, devices, and delivery channels with multiple credential storage systems or encryption schemes.